Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add TokenVerifier class that can verify RS256/ES256 tokens #420

Merged
merged 21 commits into from
Jun 24, 2020

Conversation

chingor13
Copy link
Contributor

@chingor13 chingor13 commented Apr 24, 2020

Exposes interface for validating Google signed RS256/ES256 JWT tokens.

This implementation returns a JsonWebSignature instance (from google-http-client) on success and throws a VerificationException on any error.

Usage:

TokenVerifier tokenVerifier = TokenVerifier.newBuilder()
  .setAudience("audience-to-verify")
  .setIssuer("issuer-to-verify")
  .build();
try {
  JsonWebSignature jsonWebSignature = tokenVerifier.verify(tokenString);
  // optionally verify additional claims
  jsonWebSignature
} catch (TokenVerifier.VerificationException e) {
  // invalid token
}

Fixes #85

@googlebot googlebot added the cla: yes This human has signed the Contributor License Agreement. label Apr 24, 2020
@codecov
Copy link

codecov bot commented Apr 24, 2020

Codecov Report

Merging #420 into master will increase coverage by 0.36%.
The diff coverage is 83.87%.

Impacted file tree graph

@@             Coverage Diff              @@
##             master     #420      +/-   ##
============================================
+ Coverage     79.50%   79.86%   +0.36%     
- Complexity      397      409      +12     
============================================
  Files            27       28       +1     
  Lines          1800     1927     +127     
  Branches        186      201      +15     
============================================
+ Hits           1431     1539     +108     
- Misses          269      280      +11     
- Partials        100      108       +8     
Impacted Files Coverage Δ Complexity Δ
...ttp/java/com/google/auth/oauth2/TokenVerifier.java 83.87% <83.87%> (ø) 12.00 <12.00> (?)
...tp/java/com/google/auth/oauth2/UserAuthorizer.java 77.59% <0.00%> (+0.12%) 20.00% <0.00%> (ø%)
...om/google/auth/appengine/AppEngineCredentials.java 75.47% <0.00%> (+0.96%) 16.00% <0.00%> (ø%)
..._http/java/com/google/auth/oauth2/OAuth2Utils.java 67.21% <0.00%> (+1.63%) 12.00% <0.00%> (ø%)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 662bd80...96aabab. Read the comment docs.

@chingor13 chingor13 marked this pull request as ready for review May 28, 2020 19:43
@chingor13 chingor13 requested a review from a team as a code owner May 28, 2020 19:43
@chingor13 chingor13 requested a review from bshaffer May 28, 2020 19:43
README.md Show resolved Hide resolved
@bshaffer
Copy link
Contributor

@BenWhitehead @elharo If you have no additional concerns can one of you approve this PR?

@chingor13 chingor13 merged commit 5014ac7 into googleapis:master Jun 24, 2020
@chingor13 chingor13 deleted the verify-id-token-instance branch June 24, 2020 19:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cla: yes This human has signed the Contributor License Agreement.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

FR: jwt validate
5 participants